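<?php
/**
 * Deletes the `students` row whose student number (`xh`) is given in the
 * query string, then redirects to index.php.
 *
 * The request is allowed when the logged-in user's own `xh` matches the
 * requested one, or when the session marks the user as an administrator.
 * On any failure the HTML error page below is rendered with a message.
 *
 * NOTE(review): this destructive action is triggered by a plain GET request
 * and carries no anti-CSRF token. Moving it to POST with a per-session token
 * needs a matching change in the page that links here, so it is flagged
 * rather than changed in this file.
 */
session_start();

// Set only when the request is rejected or fails; rendered by the template below.
$msg = '';

try {
    // Read the parameter defensively: a missing key or an array value
    // (e.g. ?xh[]=1) is rejected here instead of raising notices or reaching the query.
    $xh = isset($_GET['xh']) ? $_GET['xh'] : '';
    if (!is_string($xh) || $xh === '') {
        throw new Exception('必须提供要删除记录的学号信息');
    }

    // An absent or malformed session is treated as "no rights", not as an error.
    $user = (isset($_SESSION['user']) && is_array($_SESSION['user'])) ? $_SESSION['user'] : array();

    // The comparison stays strict, as in the original; presumably the session
    // stores xh as a string — verify against the login code.
    $isOwner = isset($user['xh']) && $user['xh'] === $xh;
    $isAdmin = !empty($user['isAdmin']);
    if (!$isOwner && !$isAdmin) {
        throw new Exception('Sorry,你没有删除他人记录的权限~');
    }

    // NOTE(review): the credentials are hard-coded in a web-served file and the
    // connection uses the MySQL root account. Load them from configuration kept
    // outside the document root and use an account limited to this database.
    $db = new PDO("mysql:host=localhost;dbname=db5;", 'root', '12qwas', array(
        // Make query failures throw instead of failing silently on older PHP versions.
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    ));

    // The value is bound as a parameter, never concatenated into the SQL text.
    $stmt = $db->prepare("delete from students where xh=?");
    $stmt->execute(array($xh));

    // header() returns nothing, so the original `header(...) or die()` always
    // terminated here; the explicit exit keeps that behaviour and states it.
    header('location: index.php');
    exit;
} catch (PDOException $e) {
    // Driver messages can reveal the host, account name and SQL state, so they
    // go to the server log and the visitor gets a generic message.
    error_log('delete student record failed: ' . $e->getMessage());
    $msg = '删除记录失败,请稍后重试';
} catch (Exception $e) {
    $msg = $e->getMessage();
}
?>
<!doctype html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport"
          content="width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0">
    <meta http-equiv="X-UA-Compatible" content="ie=edge">
    <title>删除用户</title>
    <style>
        h1{color: red;}
    </style>
</head>
<body>
<h1>删除记录错误信息</h1>
<div class="msg"><?= htmlspecialchars($msg, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?></div>
</body>
</html>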
